馬上註冊,結交更多好友,享用更多功能,讓你輕鬆瀏覽論壇。
你需要 登入 才可以下載或檢視,沒有帳號?我要註冊
x
下面這個發信主機,一直重覆發送郵件攻擊,MDAEMON 似乎沒有好的方法可以抵擋攻擊。 Thu 2006-07-20 20:58:09: ---------- Partial transcript, remainder will follow. Thu 2006-07-20 20:58:09: [81:1] Session 81; child 1; thread 752 Thu 2006-07-20 20:56:41: [81:1] Accepting SMTP connection from [218.254.218.168 : 2824] Thu 2006-07-20 20:56:41: [81:1] Performing PTR lookup (168.218.254.218.IN-ADDR.ARPA) Thu 2006-07-20 20:56:41: [81:1] * D=168.218.254.218.IN-ADDR.ARPA TTL=(59) PTR=[cm218-254-218-168.hkcable.com.hk] Thu 2006-07-20 20:56:41: [81:1] * Gathering A records... Thu 2006-07-20 20:56:42: [81:1] * D=cm218-254-218-168.hkcable.com.hk TTL=(480) A=[218.254.218.168] Thu 2006-07-20 20:56:42: [81:1] ---- End PTR results Thu 2006-07-20 20:56:42: [81:1] --> 220 company.com.tw ESMTP MAIL ready Thu 2006-07-20 20:56:43: [81:1] <-- EHLO cm218-254-218-168.hkcable.com.hk Thu 2006-07-20 20:56:43: [81:1] Performing IP lookup (cm218-254-218-168.hkcable.com.hk) Thu 2006-07-20 20:56:43: [81:1] * D=cm218-254-218-168.hkcable.com.hk TTL=(479) A=[218.254.218.168] Thu 2006-07-20 20:56:43: [81:1] ---- End IP lookup results Thu 2006-07-20 20:56:43: [81:1] --> 250-company.com.tw Hello cm218-254-218-168.hkcable.com.hk, pleased to meet you Thu 2006-07-20 20:56:43: [81:1] --> 250-ETRN Thu 2006-07-20 20:56:43: [81:1] --> 250-AUTH=LOGIN Thu 2006-07-20 20:56:43: [81:1] --> 250-AUTH LOGIN CRAM-MD5 Thu 2006-07-20 20:56:43: [81:1] --> 250-8BITMIME Thu 2006-07-20 20:56:43: [81:1] --> 250 SIZE 0 Thu 2006-07-20 20:56:44: [81:1] <-- MAIL FROM:<[email protected]> Thu 2006-07-20 20:56:44: [81:1] --> 550 Domain company.com.tw does not accept mail from cm218-254-218-168.hkcable.com.hk Thu 2006-07-20 20:56:45: [81:1] <-- RSET Thu 2006-07-20 20:56:45: [81:1] --> 250 RSET? Well, ok. Thu 2006-07-20 20:56:46: [81:1] <-- MAIL FROM:<[email protected]> Thu 2006-07-20 20:56:46: [81:1] --> 550 Domain company.com.tw does not accept mail from cm218-254-218-168.hkcable.com.hk Thu 2006-07-20 20:56:47: [81:1] <-- RSET 它一直試到 Fri 2006-07-21 01:04:22: [269:3] --> 250 RSET? Well, ok. Fri 2006-07-21 01:04:22: [269:3] <-- MAIL FROM:<[email protected]> Fri 2006-07-21 01:04:22: [269:3] --> 550 Domain company.com.tw does not accept mail from c-69-180-131-172.hsd1.mn.comcast.net Fri 2006-07-21 01:04:23: [269:3] <-- RSET Fri 2006-07-21 01:04:23: [269:3] --> 250 RSET? Well, ok. Fri 2006-07-21 01:04:23: [269:3] <-- MAIL FROM:<[email protected]> Fri 2006-07-21 01:04:23: [269:3] --> 550 Domain company.com.tw does not accept mail from c-69-180-131-172.hsd1.mn.comcast.net Fri 2006-07-21 01:04:24: [269:3] <-- RSET Fri 2006-07-21 01:04:24: [269:3] --> 250 RSET? Well, ok. Fri 2006-07-21 01:04:24: [269:3] Winsock Error 10054 Connection was reset by the other side! Fri 2006-07-21 01:04:24: [269:3] SMTP session terminated (Bytes in/out: 351567/927048)
結果這四小時,頻寬被它吃完,拿它一點辦法都沒有,MDAEMON應該多一個設定,收件者超過幾個人,就直接給它斷線不要讓它再試了。
P.S. 雖然有設防火牆,但是公司長期對內對外傳輸大型檔案,所以也無法設規則判定連線時間。 |